diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-12-14 02:18:25 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-12-14 02:26:23 +0100 |
commit | bd4a8f51649ee37291c6e07310104a94f4f5fbed (patch) | |
tree | 6ec200a62164dd318cc675a180cfb11c0e7d5c60 /test | |
parent | 8deda84ed86bae6bfa83f5c25d15fd4611c637c0 (diff) |
show a more descriptive error for weak Release files
If we can't work with the hashes we parsed from the Release file we
display now an error message if the Release file includes only weak
hashes instead of downloading the indexes and failing to verify them
with "Hash Sum mismatch" even through the hashes didn't mismatch (they
were just weak).
If for some (unlikely) reason we have got weak hashes only for
individual targets we will show a warning to this effect (again, befor
downloading and failing the index itself).
Closes: 806459
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/framework | 13 | ||||
-rwxr-xr-x | test/integration/test-apt-update-weak-hashes | 40 |
2 files changed, 53 insertions, 0 deletions
diff --git a/test/integration/framework b/test/integration/framework index 8760f3db8..2cc6be3dd 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1420,6 +1420,19 @@ testnopackage() { fi msggroup } +testnosrcpackage() { + msggroup 'testnosrcpackage' + msgtest "Test for non-existent source packages" "apt-cache showsrc $*" + local SHOWPKG="$(aptcache showsrc "$@" 2>&1 | grep '^Package: ')" + if [ -n "$SHOWPKG" ]; then + local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testnosrcpackage.output" + echo "$SHOWPKG" >"$OUTPUT" + msgfailoutput '' "$OUTPUT" + else + msgpass + fi + msggroup +} testdpkgstatus() { msggroup 'testdpkgstatus' diff --git a/test/integration/test-apt-update-weak-hashes b/test/integration/test-apt-update-weak-hashes new file mode 100755 index 000000000..38c739099 --- /dev/null +++ b/test/integration/test-apt-update-weak-hashes @@ -0,0 +1,40 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'i386' +confighashes 'MD5' + +insertpackage 'unstable' 'foo' 'i386' '1.0' +insertsource 'unstable' 'foo' 'any' '1.0' + +setupaptarchive --no-update +APTARCHIVE="$(readlink -f ./aptarchive)" + +msgmsg 'Release contains only weak hashes' +FILENAME="${APTARCHIVE}/dists/unstable/InRelease" +MANGLED="$(readlink -f ./rootdir)/var/lib/apt/lists/partial/$(echo "$FILENAME" | sed 's#/#_#g')" +testfailuremsg "W: Failed to fetch file:${FILENAME} No Hash entry in Release file ${MANGLED}, which is considered strong enough for security purposes +E: Some index files failed to download. They have been ignored, or old ones used instead." apt update +testnopackage foo +testnosrcpackage foo + +msgmsg 'Release contains no hashes' +sed -i -e '/^ / d' -e '/^MD5Sum:/ d' "$APTARCHIVE/dists/unstable/Release" +signreleasefiles +testfailuremsg "W: Failed to fetch file:${FILENAME} No Hash entry in Release file ${MANGLED} +E: Some index files failed to download. They have been ignored, or old ones used instead." apt update +testnopackage foo +testnosrcpackage foo + +msgmsg 'Release contains only weak hashes for some files' +confighashes 'MD5' 'SHA256' +generatereleasefiles +sed -i '/^ [0-9a-fA-Z]\{64\} .*Sources$/d' "$APTARCHIVE/dists/unstable/Release" +signreleasefiles +testwarningmsg "W: Skipping acquire of configured file 'main/source/Sources' as repository 'file:${APTARCHIVE} unstable InRelease' provides only weak security information for it" apt update +testsuccess apt show foo +testnosrcpackage foo |